As technology continues to evolve, so too do the threats to the security of enterprises. As we enter 2023, the threat landscape for enterprises is becoming increasingly complex and fast-moving, with cyber threats growing in both volume and sophistication. Threat actors are using technology and knowledge from multiple domains to weaponize and layer techniques into complex, advanced attacks. From lone actors hacking for fun and some profit, cyber attacks have turned into a full-fledged underground industry. To protect against these threats, enterprises must adopt a comprehensive cybersecurity strategy.
Some of the key elements that should ideally be included in any security strategy relevant for 2023 are:
- External attack surface management
- Continuous automated pen testing
- Identifying day 1 vulnerabilities at the earliest
- Protecting against supplier chain compromise threat
- Creating mitigation plans against new classes of threat arising due to generative AI
- Continuously monitoring against ransomware susceptibility
External Attack Surface Management
The external attack surface of an enterprise refers to all the potential entry points. Managing it involves discovering an enterprise’s assets exposed over the internet, critical ports left open due to misconfiguration, exposed sensitive data, shadow IT in cloud and other virtual environments, dangling domain records, leaked credentials, leaked code and more. In 2023, external attack surface management should include monitoring of cloud environments, third-party vendors, and supply chain partners. The capability to filter, validate, prioritize and integrate with enterprise security management systems is also essential.
Continuous Automated Pen Testing
Traditional manual penetration testing is no longer sufficient to keep up with the pace of technological advancement and the evolving threat landscape. Continuous automated pen testing provides businesses with a comprehensive view of their security posture and enables them to detect vulnerabilities quickly and respond promptly. It also allows businesses to conduct more frequent testing without impacting their day-to-day operations. Remember, attackers are testing all the systems all the time, whereas enterprises using traditional methods test some of the systems some of the time.
Identifying Day 1 Vulnerabilities
Day 1 vulnerabilities are zero-day vulnerabilities, or vulnerabilities found very recently, for which existing hunting and defense systems have yet to identify and implement controls. Threat actors today are very quick to exploit these before a patch or update is available. In 2023, identifying Day 1 vulnerabilities should be a priority for businesses. Enterprises should focus on identifying Day 1 vulnerabilities on their attack surface, preferably within 24 hours of their publication. Proactive vulnerability management, including vulnerability scanning and assessment, to identify vulnerabilities before attackers exploit them is becoming extremely crucial.
Incident response plans should also be in place to address any Day 1 vulnerabilities that are discovered. This will help businesses respond quickly and minimize the damage caused by any potential attacks.
Supplier Chain Compromise
In recent years, threat actors have increasingly targeted third-party vendors and supply chain partners to gain access to an enterprise's network infrastructure. In the recent past, utilities, manufacturing and health care have seen APT actors attacking critical systems using supplier chain weaknesses. The impact has been very serious. In 2023, supplier chain compromise should be a focus for businesses, as they are responsible for ensuring that their partners have adequate cybersecurity measures in place. Enterprises must establish a security vetting process for third-party vendors and suppliers and ensure that they adhere to the enterprise's cybersecurity policies and standards. This will help prevent supply chain attacks, which can have devastating consequences for businesses.
Defense Against Generative AI-Based Threats
Generative AI is an emerging technology that is transforming the way businesses operate. However, it is also presenting new challenges to cybersecurity. In 2023, businesses must address the new class of threat arising due to generative AI. Generative AI can be used to create convincing phishing emails and other social engineering attacks that can bypass traditional security defenses. Therefore, businesses must invest in AI-powered security tools that can detect and respond to these new types of threats.
Continuous Monitoring of Ransomware Susceptibility
Ransomware attacks have been on the rise over the past few years, with cybercriminals using increasingly sophisticated methods to target businesses. A recent data breach report from Verizon mentioned ransomware attacks as a key threat to enterprises. It also mentions phishing emails, malicious downloads, and compromised supply chain partners as key attack vectors commonly used by ransomware. The consequences of a successful ransomware attack can be devastating. In addition to the financial impact of paying the ransom, businesses may also face lost productivity, data loss, and reputational damage. Furthermore, some threat actors may not honor their promise to restore the encrypted data, even if the ransom is paid. Apart from internal preparation, it may be worthwhile for large operations to arrange insurance cover. Business Interruption insurance or standard Errors and Omissions (E&O) cover may not be sufficient. There are specialized insurers, and the Lloyd's of London market may be tapped. Some of these insurers have specialized units that can also help in auditing preparations and cover financial remediation to customers.
Cybersecurity is a critical issue for enterprises in 2023, and they must focus on implementing a robust cybersecurity strategy to protect themselves from the increasing number of cyber threats. This includes external attack surface management, continuous automated pen testing, continuous monitoring, identifying Day 1 vulnerabilities in near real-time, protecting against the supplier chain compromise threat, creating mitigation plans against new classes of threat arising due to generative AI, and continuously monitoring against ransomware susceptibility. By taking the approach described above, an enterprise will be able to reduce the gap in cybersecurity controls and mitigate risks at a speed that matches that of present-day attackers.
Posted from CISOPlatform member Arnab Chattopadhyay (Member of the Cybersecurity Working Group, IET Future Tech Panel)